I try to connect to my vncserver running on CentOs from home computer,
behind firewall. I have installed Win7 and Ubuntu both on this machine. I
have an error:

VNC conenction failed: vncserver too many security failures

even when logging with right credentials (I reset passwd on CentOs) I get:
authentication failure.

I observe that I have to wait a whole day to be able to relogin at all.

Is it something regarding that I try as root? I think important is also
that I have to login to remote Centos through port 6050 - none else port
works for me. Do I have to do something with other ports? I see that
vncserver is listening on 5901, 5902 if another added - and I consider
connection is established because from time to time (long time) the passwd
prompt appears,... right?

I have created additional user1, password for him to CentOS and to VNC,
also user2. I do:

service vncserver start

and two servers starts, one :1, and second on :2. When I try to connect to
vncserverIP:1 I get what described above, but when I try connect to
vncserverIP:2 it says that the trial was unsuccessful.

2 Answers
2

VNC uses a separate password system. It does not check passwords against /etc/passwd but rather against ~/.vnc/passwd, which contains a single primary password and optionally a secondary password that allows only viewing the screen.

To set your VNC password(s), use the vncpasswd command. VNC passwords must be between five and eight characters in length – characters beyond the eighth are silently ignored. So if you are using VNC over the Internet, pick a strong, random password, as attackers may use botnets that have numerous IP addresses to circumvent the lockout while cracking your password.

If you must use VNC over the Internet, run it on a randomly chosen port number (not 5900) to avoid detection in port scans that cover only the common ports. Preferably, tunnel your VNC connection over SSH to protect yourself against eavesdropping and man-in-the-middle attacks. If you do this, you should set vncserver to not accept connections from the Internet, disable password-only authentication on the SSH service and use public-key authentication to protect against common brute-force password cracking attempts.

Restarting vncserver should reset the lockout. The manual page does not mention any way to disable the (already inadequate?) lockout entirely.

thanks, as I said I have created users and set them password both on terminal (passwd) and VNC (vncpasswd) so passwords are set already. but I have choosen 9 letter passwords. you said that VNC ignore then the last letter, but does the VNC viewer ignore it also when I put that 9-letters long passwords when logging? restarting by: service vncserver restart doesn't remove the lockout: still have authentication failure without option to login. so, should I try to login (when it allow again) using the truncated passwords (only take first 8 letters) or do I have to set it again?
–
AB_Jun 17 '12 at 21:59

another question: how to login as root? is it possible? when logging you are asked only about IP and password, so how to login as root to see root session?
–
AB_Jun 17 '12 at 22:08

@cf16: The simple answer (to "how to login as root?") is to run vncserver as root. If you want to log in to multiple different user accounts without having to use su or sudo, you would need to set up an X display manager such as LightDM.
–
PleaseStandJun 17 '12 at 22:26

I started as root, so it tells me that servers for user1 and user2 have been created. request for password appears only when trying IP:1, when trying to connect to IP:2 it doesn't connect at all.
–
AB_Jun 17 '12 at 22:43